Dive Brief:
- A majority of C-suite executives favor a shift-left approach to software development security, according to a CloudBees report, which surveyed 600 executives between June 27 and July 8.
- More than three-quarters are currently implementing shift-left strategies, integrating testing into the software development process. More than 8 in 10 executives surveyed said the approach is important for their companies.
- The move has placed a burden on developers and reduced confidence in software supply chain security. More than half of executives report that shifting left has strained developers and 88% say their supply chain is secure, down from 95% in 2021.
Dive Insight:
Rethinking software development has yielded big wins for the enterprise. But change begets new and unexpected challenges.
Compliance issues and security concerns are slowing the pace of innovation in software development, according to three-quarters of the executives surveyed by CloudBees, the enterprise software delivery company.
The perils of overburdening development teams have intensified given the tight market for tech talent and companies' struggle to retain IT staff.
Developer talent is in particularly high demand. Software engineers topped Dice’s list of in-demand tech occupations, based on an analysis of three million job postings in the first half of the year.
The most coveted tech workers are aware there are options. Four in 10 of 2,500 developers surveyed by DigitalOcean in April and May said they had considered leaving their current job.
If the talent crunch is a temporary but painful traffic jam on the road to modernization, then security compliance is more akin to a speed limit that will slow the pace over a longer haul.
New cybersecurity guidelines introduced by the National Security Agency and the Cybersecurity and Infrastructure Security Agency, in part a response to the massive SolarWinds software breach of 2020, specifically target the development process and the software supply chain.
While compliance with new federal guidelines is only mandatory for companies doing business with the government, enhanced security is favored over speed in the development process by more than three-quarters of the executives surveyed by CloudBees.
Performing compliance audits, testing for vulnerabilities and addressing defects slow the development process and, in a shift-left framework, place more responsibility for security on the developers. Balanced against the potential cost of a cyber breach, it’s a tradeoff most companies are willing to accept.